<!DOCTYPE html><html><head>
      <title>ECC&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x52A0;&#x5BC6;</title>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      
      
        <script type="text/x-mathjax-config">
          MathJax.Hub.Config({"extensions":["tex2jax.js"],"jax":["input/TeX","output/HTML-CSS"],"messageStyle":"none","tex2jax":{"processEnvironments":false,"processEscapes":true,"inlineMath":[["$","$"],["\\(","\\)"]],"displayMath":[["$$","$$"],["\\[","\\]"]]},"TeX":{"extensions":["AMSmath.js","AMSsymbols.js","noErrors.js","noUndefined.js"]},"HTML-CSS":{"availableFonts":["TeX"]}});
        </script>
        <script type="text/javascript" async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js"></script>
        
      
      
      
      
      
      
      
      
      
      <style>
      /**
 * prism.js Github theme based on GitHub's theme.
 * @author Sam Clarke
 */
code[class*="language-"],
pre[class*="language-"] {
  color: #333;
  background: none;
  font-family: Consolas, "Liberation Mono", Menlo, Courier, monospace;
  text-align: left;
  white-space: pre;
  word-spacing: normal;
  word-break: normal;
  word-wrap: normal;
  line-height: 1.4;

  -moz-tab-size: 8;
  -o-tab-size: 8;
  tab-size: 8;

  -webkit-hyphens: none;
  -moz-hyphens: none;
  -ms-hyphens: none;
  hyphens: none;
}

/* Code blocks */
pre[class*="language-"] {
  padding: .8em;
  overflow: auto;
  /* border: 1px solid #ddd; */
  border-radius: 3px;
  /* background: #fff; */
  background: #f5f5f5;
}

/* Inline code */
:not(pre) > code[class*="language-"] {
  padding: .1em;
  border-radius: .3em;
  white-space: normal;
  background: #f5f5f5;
}

.token.comment,
.token.blockquote {
  color: #969896;
}

.token.cdata {
  color: #183691;
}

.token.doctype,
.token.punctuation,
.token.variable,
.token.macro.property {
  color: #333;
}

.token.operator,
.token.important,
.token.keyword,
.token.rule,
.token.builtin {
  color: #a71d5d;
}

.token.string,
.token.url,
.token.regex,
.token.attr-value {
  color: #183691;
}

.token.property,
.token.number,
.token.boolean,
.token.entity,
.token.atrule,
.token.constant,
.token.symbol,
.token.command,
.token.code {
  color: #0086b3;
}

.token.tag,
.token.selector,
.token.prolog {
  color: #63a35c;
}

.token.function,
.token.namespace,
.token.pseudo-element,
.token.class,
.token.class-name,
.token.pseudo-class,
.token.id,
.token.url-reference .token.variable,
.token.attr-name {
  color: #795da3;
}

.token.entity {
  cursor: help;
}

.token.title,
.token.title .token.punctuation {
  font-weight: bold;
  color: #1d3e81;
}

.token.list {
  color: #ed6a43;
}

.token.inserted {
  background-color: #eaffea;
  color: #55a532;
}

.token.deleted {
  background-color: #ffecec;
  color: #bd2c00;
}

.token.bold {
  font-weight: bold;
}

.token.italic {
  font-style: italic;
}


/* JSON */
.language-json .token.property {
  color: #183691;
}

.language-markup .token.tag .token.punctuation {
  color: #333;
}

/* CSS */
code.language-css,
.language-css .token.function {
  color: #0086b3;
}

/* YAML */
.language-yaml .token.atrule {
  color: #63a35c;
}

code.language-yaml {
  color: #183691;
}

/* Ruby */
.language-ruby .token.function {
  color: #333;
}

/* Markdown */
.language-markdown .token.url {
  color: #795da3;
}

/* Makefile */
.language-makefile .token.symbol {
  color: #795da3;
}

.language-makefile .token.variable {
  color: #183691;
}

.language-makefile .token.builtin {
  color: #0086b3;
}

/* Bash */
.language-bash .token.keyword {
  color: #0086b3;
}

/* highlight */
pre[data-line] {
  position: relative;
  padding: 1em 0 1em 3em;
}
pre[data-line] .line-highlight-wrapper {
  position: absolute;
  top: 0;
  left: 0;
  background-color: transparent;
  display: block;
  width: 100%;
}

pre[data-line] .line-highlight {
  position: absolute;
  left: 0;
  right: 0;
  padding: inherit 0;
  margin-top: 1em;
  background: hsla(24, 20%, 50%,.08);
  background: linear-gradient(to right, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
  pointer-events: none;
  line-height: inherit;
  white-space: pre;
}

pre[data-line] .line-highlight:before, 
pre[data-line] .line-highlight[data-end]:after {
  content: attr(data-start);
  position: absolute;
  top: .4em;
  left: .6em;
  min-width: 1em;
  padding: 0 .5em;
  background-color: hsla(24, 20%, 50%,.4);
  color: hsl(24, 20%, 95%);
  font: bold 65%/1.5 sans-serif;
  text-align: center;
  vertical-align: .3em;
  border-radius: 999px;
  text-shadow: none;
  box-shadow: 0 1px white;
}

pre[data-line] .line-highlight[data-end]:after {
  content: attr(data-end);
  top: auto;
  bottom: .4em;
}html body{font-family:"Helvetica Neue",Helvetica,"Segoe UI",Arial,freesans,sans-serif;font-size:16px;line-height:1.6;color:#333;background-color:#fff;overflow:initial;box-sizing:border-box;word-wrap:break-word}html body>:first-child{margin-top:0}html body h1,html body h2,html body h3,html body h4,html body h5,html body h6{line-height:1.2;margin-top:1em;margin-bottom:16px;color:#000}html body h1{font-size:2.25em;font-weight:300;padding-bottom:.3em}html body h2{font-size:1.75em;font-weight:400;padding-bottom:.3em}html body h3{font-size:1.5em;font-weight:500}html body h4{font-size:1.25em;font-weight:600}html body h5{font-size:1.1em;font-weight:600}html body h6{font-size:1em;font-weight:600}html body h1,html body h2,html body h3,html body h4,html body h5{font-weight:600}html body h5{font-size:1em}html body h6{color:#5c5c5c}html body strong{color:#000}html body del{color:#5c5c5c}html body a:not([href]){color:inherit;text-decoration:none}html body a{color:#08c;text-decoration:none}html body a:hover{color:#00a3f5;text-decoration:none}html body img{max-width:100%}html body>p{margin-top:0;margin-bottom:16px;word-wrap:break-word}html body>ul,html body>ol{margin-bottom:16px}html body ul,html body ol{padding-left:2em}html body ul.no-list,html body ol.no-list{padding:0;list-style-type:none}html body ul ul,html body ul ol,html body ol ol,html body ol ul{margin-top:0;margin-bottom:0}html body li{margin-bottom:0}html body li.task-list-item{list-style:none}html body li>p{margin-top:0;margin-bottom:0}html body .task-list-item-checkbox{margin:0 .2em .25em -1.8em;vertical-align:middle}html body .task-list-item-checkbox:hover{cursor:pointer}html body blockquote{margin:16px 0;font-size:inherit;padding:0 15px;color:#5c5c5c;background-color:#f0f0f0;border-left:4px solid #d6d6d6}html body blockquote>:first-child{margin-top:0}html body blockquote>:last-child{margin-bottom:0}html body hr{height:4px;margin:32px 0;background-color:#d6d6d6;border:0 none}html body table{margin:10px 0 15px 
0;border-collapse:collapse;border-spacing:0;display:block;width:100%;overflow:auto;word-break:normal;word-break:keep-all}html body table th{font-weight:bold;color:#000}html body table td,html body table th{border:1px solid #d6d6d6;padding:6px 13px}html body dl{padding:0}html body dl dt{padding:0;margin-top:16px;font-size:1em;font-style:italic;font-weight:bold}html body dl dd{padding:0 16px;margin-bottom:16px}html body code{font-family:Menlo,Monaco,Consolas,'Courier New',monospace;font-size:.85em !important;color:#000;background-color:#f0f0f0;border-radius:3px;padding:.2em 0}html body code::before,html body code::after{letter-spacing:-0.2em;content:"\00a0"}html body pre>code{padding:0;margin:0;font-size:.85em !important;word-break:normal;white-space:pre;background:transparent;border:0}html body .highlight{margin-bottom:16px}html body .highlight pre,html body pre{padding:1em;overflow:auto;font-size:.85em !important;line-height:1.45;border:#d6d6d6;border-radius:3px}html body .highlight pre{margin-bottom:0;word-break:normal}html body pre code,html body pre tt{display:inline;max-width:initial;padding:0;margin:0;overflow:initial;line-height:inherit;word-wrap:normal;background-color:transparent;border:0}html body pre code:before,html body pre tt:before,html body pre code:after,html body pre tt:after{content:normal}html body p,html body blockquote,html body ul,html body ol,html body dl,html body pre{margin-top:0;margin-bottom:16px}html body kbd{color:#000;border:1px solid #d6d6d6;border-bottom:2px solid #c7c7c7;padding:2px 4px;background-color:#f0f0f0;border-radius:3px}@media print{html body{background-color:#fff}html body h1,html body h2,html body h3,html body h4,html body h5,html body h6{color:#000;page-break-after:avoid}html body blockquote{color:#5c5c5c}html body pre{page-break-inside:avoid}html body table{display:table}html body img{display:block;max-width:100%;max-height:100%}html body pre,html body 
code{word-wrap:break-word;white-space:pre}}.markdown-preview{width:100%;height:100%;box-sizing:border-box}.markdown-preview .pagebreak,.markdown-preview .newpage{page-break-before:always}.markdown-preview pre.line-numbers{position:relative;padding-left:3.8em;counter-reset:linenumber}.markdown-preview pre.line-numbers>code{position:relative}.markdown-preview pre.line-numbers .line-numbers-rows{position:absolute;pointer-events:none;top:1em;font-size:100%;left:0;width:3em;letter-spacing:-1px;border-right:1px solid #999;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.markdown-preview pre.line-numbers .line-numbers-rows>span{pointer-events:none;display:block;counter-increment:linenumber}.markdown-preview pre.line-numbers .line-numbers-rows>span:before{content:counter(linenumber);color:#999;display:block;padding-right:.8em;text-align:right}.markdown-preview .mathjax-exps .MathJax_Display{text-align:center !important}.markdown-preview:not([for="preview"]) .code-chunk .btn-group{display:none}.markdown-preview:not([for="preview"]) .code-chunk .status{display:none}.markdown-preview:not([for="preview"]) .code-chunk .output-div{margin-bottom:16px}.scrollbar-style::-webkit-scrollbar{width:8px}.scrollbar-style::-webkit-scrollbar-track{border-radius:10px;background-color:transparent}.scrollbar-style::-webkit-scrollbar-thumb{border-radius:5px;background-color:rgba(150,150,150,0.66);border:4px solid rgba(150,150,150,0.66);background-clip:content-box}html body[for="html-export"]:not([data-presentation-mode]){position:relative;width:100%;height:100%;top:0;left:0;margin:0;padding:0;overflow:auto}html body[for="html-export"]:not([data-presentation-mode]) .markdown-preview{position:relative;top:0}@media screen and (min-width:914px){html body[for="html-export"]:not([data-presentation-mode]) .markdown-preview{padding:2em calc(50% - 457px + 2em)}}@media screen and (max-width:914px){html body[for="html-export"]:not([data-presentation-mode]) 
.markdown-preview{padding:2em}}@media screen and (max-width:450px){html body[for="html-export"]:not([data-presentation-mode]) .markdown-preview{font-size:14px !important;padding:1em}}@media print{html body[for="html-export"]:not([data-presentation-mode]) #sidebar-toc-btn{display:none}}html body[for="html-export"]:not([data-presentation-mode]) #sidebar-toc-btn{position:fixed;bottom:8px;left:8px;font-size:28px;cursor:pointer;color:inherit;z-index:99;width:32px;text-align:center;opacity:.4}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] #sidebar-toc-btn{opacity:1}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .md-sidebar-toc{position:fixed;top:0;left:0;width:300px;height:100%;padding:32px 0 48px 0;font-size:14px;box-shadow:0 0 4px rgba(150,150,150,0.33);box-sizing:border-box;overflow:auto;background-color:inherit}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .md-sidebar-toc::-webkit-scrollbar{width:8px}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .md-sidebar-toc::-webkit-scrollbar-track{border-radius:10px;background-color:transparent}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .md-sidebar-toc::-webkit-scrollbar-thumb{border-radius:5px;background-color:rgba(150,150,150,0.66);border:4px solid rgba(150,150,150,0.66);background-clip:content-box}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .md-sidebar-toc a{text-decoration:none}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .md-sidebar-toc ul{padding:0 1.6em;margin-top:.8em}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .md-sidebar-toc li{margin-bottom:.8em}html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .md-sidebar-toc ul{list-style-type:none}html 
body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .markdown-preview{left:300px;width:calc(100% -  300px);padding:2em calc(50% - 457px -  150px);margin:0;box-sizing:border-box}@media screen and (max-width:1274px){html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .markdown-preview{padding:2em}}@media screen and (max-width:450px){html body[for="html-export"]:not([data-presentation-mode])[html-show-sidebar-toc] .markdown-preview{width:100%}}html body[for="html-export"]:not([data-presentation-mode]):not([html-show-sidebar-toc]) .markdown-preview{left:50%;transform:translateX(-50%)}html body[for="html-export"]:not([data-presentation-mode]):not([html-show-sidebar-toc]) .md-sidebar-toc{display:none}
/* Please visit the URL below for more information: */
/*   https://shd101wyy.github.io/markdown-preview-enhanced/#/customize-css */

      </style>
    </head>
    <body for="html-export">
      <div class="mume markdown-preview  ">
      <h1 class="mume-header" id="ecc%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%8A%A0%E5%AF%86">ECC&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x52A0;&#x5BC6;</h1>

<p>&#x6CE8;: &#x672C;&#x535A;&#x6587;&#x662F;SEC1 V2&#x4E2D;&#x63CF;&#x8FF0;&#x7684;&#x692D;&#x5706;&#x52A0;&#x5BC6;&#x6807;&#x51C6;(&#x53C2;&#x8003;&#x8D44;&#x6599;[1]);</p>
<p><span id="toc"></span></p>
<ul>
<li><a href="#ecc%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%8A%A0%E5%AF%86">ECC&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x52A0;&#x5BC6;</a>
<ul>
<li><a href="#%E6%95%B0%E5%AD%A6%E5%9F%BA%E7%A1%80toc">&#x6570;&#x5B66;&#x57FA;&#x7840;</a></li>
<li><a href="#%E6%95%B0%E6%8D%AE%E6%A0%BC%E5%BC%8F%E8%BD%AC%E6%8D%A2toc">&#x6570;&#x636E;&#x683C;&#x5F0F;&#x8F6C;&#x6362;</a>
<ul>
<li><a href="#%E4%BA%8C%E8%BF%9B%E5%88%B6%E7%BB%84%E5%92%8C%E5%85%AB%E4%BD%8D%E7%BB%84%E4%B9%8B%E9%97%B4%E7%9A%84%E8%BD%AC%E6%8D%A2toc">&#x4E8C;&#x8FDB;&#x5236;&#x7EC4;&#x548C;&#x516B;&#x4F4D;&#x7EC4;&#x4E4B;&#x95F4;&#x7684;&#x8F6C;&#x6362;</a></li>
<li><a href="#%E8%87%AA%E7%84%B6%E6%95%B0%E5%92%8C%E5%85%AB%E4%BD%8D%E7%BB%84%E4%B9%8B%E9%97%B4%E7%9A%84%E8%BD%AC%E6%8D%A2toc">&#x81EA;&#x7136;&#x6570;&#x548C;&#x516B;&#x4F4D;&#x7EC4;&#x4E4B;&#x95F4;&#x7684;&#x8F6C;&#x6362;</a></li>
<li><a href="#%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E7%82%B9%E8%BD%AC%E6%8D%A2%E4%B8%BA%E5%85%AB%E4%BD%8D%E7%BB%84toc">&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x70B9;&#x8F6C;&#x6362;&#x4E3A;&#x516B;&#x4F4D;&#x7EC4;</a></li>
<li><a href="#%E5%85%AB%E4%BD%8D%E7%BB%84%E8%BD%AC%E6%8D%A2%E4%B8%BA%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E7%82%B9toc">&#x516B;&#x4F4D;&#x7EC4;&#x8F6C;&#x6362;&#x4E3A;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x70B9;</a></li>
</ul>
</li>
<li><a href="#%E5%8A%A0%E5%AF%86%E7%BB%84%E4%BB%B6toc">&#x52A0;&#x5BC6;&#x7EC4;&#x4EF6;</a>
<ul>
<li><a href="#%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0toc">&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;</a>
<ul>
<li><a href="#%E7%BE%A4f_p%E4%B8%8A%E7%9A%84%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0toc">&#x7FA4;<span class="mathjax-exps">$F_p$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;</a></li>
<li><a href="#%E6%9B%B2%E7%BA%BF%E7%AD%89%E5%BC%8F%E7%B3%BB%E6%95%B0%E5%92%8C%E5%9F%BA%E7%82%B9%E7%94%9F%E6%88%90toc">&#x66F2;&#x7EBF;&#x7B49;&#x5F0F;&#x7CFB;&#x6570;&#x548C;&#x57FA;&#x70B9;&#x751F;&#x6210;</a></li>
<li><a href="#%E7%BE%A4f_2m%E4%B8%8A%E7%9A%84%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0toc">&#x7FA4;<span class="mathjax-exps">$F_{2^m}$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;</a></li>
<li><a href="#%E7%BE%A4f_p%E4%B8%8A%E7%9A%84%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0%E9%AA%8C%E8%AF%81toc">&#x7FA4;<span class="mathjax-exps">$F_p$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;&#x9A8C;&#x8BC1;</a></li>
<li><a href="#%E7%BE%A4f_2m%E4%B8%8A%E7%9A%84%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0%E9%AA%8C%E8%AF%81toc">&#x7FA4;<span class="mathjax-exps">$F_{2^m}$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;&#x9A8C;&#x8BC1;</a></li>
</ul>
</li>
<li><a href="#%E5%AF%86%E9%92%A5%E7%94%9F%E6%88%90toc">&#x5BC6;&#x94A5;&#x751F;&#x6210;</a>
<ul>
<li><a href="#%E5%85%AC%E9%92%A5%E9%AA%8C%E8%AF%81toc">&#x516C;&#x94A5;&#x9A8C;&#x8BC1;</a></li>
</ul>
</li>
<li><a href="#diffie-hellman%E5%8E%9F%E6%A0%B9toc">Diffie-Hellman&#x539F;&#x6839;</a></li>
<li><a href="#mqv%E5%8E%9F%E6%A0%B9toc">MQV&#x539F;&#x6839;</a></li>
</ul>
</li>
<li><a href="#%E7%AD%BE%E5%90%8D%E6%96%B9%E6%A1%88toc">&#x7B7E;&#x540D;&#x65B9;&#x6848;</a>
<ul>
<li><a href="#ecdsa%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E6%95%B0%E5%AD%97%E6%9B%B2%E7%BA%BF%E7%AD%BE%E5%90%8D%E7%AE%97%E6%B3%95toc">ECDSA&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x6570;&#x5B57;&#x66F2;&#x7EBF;&#x7B7E;&#x540D;&#x7B97;&#x6CD5;</a></li>
</ul>
</li>
<li><a href="#%E5%8A%A0%E5%AF%86%E5%92%8C%E5%AF%86%E9%92%A5%E4%BC%A0%E8%BE%93%E6%96%B9%E6%A1%88toc">&#x52A0;&#x5BC6;&#x548C;&#x5BC6;&#x94A5;&#x4F20;&#x8F93;&#x65B9;&#x6848;</a>
<ul>
<li><a href="#ecies%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E9%9B%86%E6%88%90%E5%8A%A0%E5%AF%86%E7%AE%97%E6%B3%95toc">ECIES&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x96C6;&#x6210;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;</a></li>
</ul>
</li>
<li><a href="#%E5%AF%86%E9%92%A5%E5%8D%8F%E5%95%86%E6%96%B9%E6%A1%88toc">&#x5BC6;&#x94A5;&#x534F;&#x5546;&#x65B9;&#x6848;</a>
<ul>
<li><a href="#%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BFdiffie-hellman%E6%96%B9%E6%A1%88toc">&#x692D;&#x5706;&#x66F2;&#x7EBF;Diffie-Hellman&#x65B9;&#x6848;</a></li>
<li><a href="#%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BFmqv%E6%96%B9%E6%A1%88toc">&#x692D;&#x5706;&#x66F2;&#x7EBF;MQV&#x65B9;&#x6848;</a></li>
</ul>
</li>
<li><a href="#%E5%8F%82%E8%80%83%E8%B5%84%E6%96%99toc">&#x53C2;&#x8003;&#x8D44;&#x6599;</a></li>
</ul>
</li>
</ul>
<h2 class="mume-header" id="%E6%95%B0%E5%AD%A6%E5%9F%BA%E7%A1%80toc"><a href="#toc">&#x6570;&#x5B66;&#x57FA;&#x7840;</a></h2>

<ul>
<li><a href="https://www.cnblogs.com/mengsuenyan/p/13156265.html">&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x52A0;&#x5BC6;&#x6570;&#x5B66;&#x57FA;&#x7840;</a>;</li>
<li><a href="https://www.cnblogs.com/mengsuenyan/p/12969712.html">&#x6570;&#x8BBA;&#x76F8;&#x5173;</a>;</li>
</ul>
<h2 class="mume-header" id="%E6%95%B0%E6%8D%AE%E6%A0%BC%E5%BC%8F%E8%BD%AC%E6%8D%A2toc"><a href="#toc">&#x6570;&#x636E;&#x683C;&#x5F0F;&#x8F6C;&#x6362;</a></h2>

<h3 class="mume-header" id="%E4%BA%8C%E8%BF%9B%E5%88%B6%E7%BB%84%E5%92%8C%E5%85%AB%E4%BD%8D%E7%BB%84%E4%B9%8B%E9%97%B4%E7%9A%84%E8%BD%AC%E6%8D%A2toc"><a href="#toc">&#x4E8C;&#x8FDB;&#x5236;&#x7EC4;&#x548C;&#x516B;&#x4F4D;&#x7EC4;&#x4E4B;&#x95F4;&#x7684;&#x8F6C;&#x6362;</a></h3>

<p>&#x8BB0;&#x6709;&#x4E00;&#x4E32;&#x4E8C;&#x8FDB;&#x5236;&#x4F4D;&#x8868;&#x793A;&#x7684;&#x6570;&#x636E;<span class="mathjax-exps">$B=B_0 B_1\dots B_{l-1}$</span>, &#x90A3;&#x4E48;&#x6309;&#x5982;&#x4E0B;&#x89C4;&#x5219;&#x8F6C;&#x4E3A;&#x516B;&#x4F4D;&#x7EC4;<span class="mathjax-exps">$\{M_i\}$</span>:</p>
<ul>
<li><span class="mathjax-exps">$m=\lceil l/8 \rceil, r=8m-l$</span>, &#x5728;<span class="mathjax-exps">$M_0$</span>&#x7684;&#x6700;&#x5DE6;&#x8FB9;&#x586B;&#x5145;<span class="mathjax-exps">$r$</span>&#x4E2A;0&#x4F4D;, &#x7136;&#x540E;&#x6309;&#x7167;&#x4ECE;&#x5DE6;&#x5F80;&#x53F3;&#x7684;&#x987A;&#x5E8F;&#x4F9D;&#x6B21;&#x5C06;<span class="mathjax-exps">$B_0 B_1\dots B_{l-1}$</span>&#x586B;&#x5145;&#x5230;<span class="mathjax-exps">$M_0 M_1 \dots M_{m-1}$</span>;</li>
</ul>
<p>&#x516B;&#x4F4D;&#x7EC4;<span class="mathjax-exps">$\{M_i\}$</span>&#x8F6C;&#x4E3A;<span class="mathjax-exps">$\{B_j\}$</span>: &#x5C06;&#x516B;&#x4F4D;&#x7EC4;&#x7684;&#x4E8C;&#x8FDB;&#x5236;&#x4F4D;&#x4ECE;&#x5DE6;&#x5F80;&#x53F3;&#x4F9D;&#x6B21;&#x586B;&#x5145;&#x5230;<span class="mathjax-exps">$B_j$</span>, &#x8F6C;&#x6362;&#x540E;&#x7684;&#x4E8C;&#x8FDB;&#x5236;&#x7EC4;&#x7684;&#x4F4D;&#x957F;&#x5EA6;&#x4E3A;<span class="mathjax-exps">$8*m$</span>;</p>
<h3 class="mume-header" id="%E8%87%AA%E7%84%B6%E6%95%B0%E5%92%8C%E5%85%AB%E4%BD%8D%E7%BB%84%E4%B9%8B%E9%97%B4%E7%9A%84%E8%BD%AC%E6%8D%A2toc"><a href="#toc">&#x81EA;&#x7136;&#x6570;&#x548C;&#x516B;&#x4F4D;&#x7EC4;&#x4E4B;&#x95F4;&#x7684;&#x8F6C;&#x6362;</a></h3>

<p>&#x8BB0;&#x6709;&#x4E00;&#x81EA;&#x7136;&#x6570;<span class="mathjax-exps">$x$</span>, &#x6EE1;&#x8DB3;<span class="mathjax-exps">$2^{8(m-1)} \le x \lt 2^{8m}$</span>, &#x90A3;&#x4E48;&#x8F6C;&#x6362;&#x89C4;&#x5219;&#x5982;&#x4E0B;:</p>
<ul>
<li>&#x5C06;x&#x8F6C;&#x4E3A;&#x4E8C;&#x503C;&#x591A;&#x9879;&#x5F0F;&#x8868;&#x793A;<span class="mathjax-exps">$x=x_{m-1}2^{8(m-1)}+x_{m-2}2^{8(m-2)}+\dots +x_{1}2^8+x_0$</span>;</li>
<li><span class="mathjax-exps">$M_i=x_{m-1-i}, 0 \le i \le m-1$</span>;</li>
<li><span class="mathjax-exps">$x=\sum_{i=0}^{m-1}2^{8(m-1-i)}M_i$</span></li>
</ul>
<p>&#x7B80;&#x800C;&#x8A00;&#x4E4B;&#x662F;&#x5927;&#x7AEF;&#x5E8F;;</p>
<h3 class="mume-header" id="%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E7%82%B9%E8%BD%AC%E6%8D%A2%E4%B8%BA%E5%85%AB%E4%BD%8D%E7%BB%84toc"><a href="#toc">&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x70B9;&#x8F6C;&#x6362;&#x4E3A;&#x516B;&#x4F4D;&#x7EC4;</a></h3>

<p>&#x8BB0;<span class="mathjax-exps">$P$</span>&#x662F;<span class="mathjax-exps">$E(F_q)$</span>&#x4E0A;&#x7684;&#x4E00;&#x70B9;, <span class="mathjax-exps">$M$</span>&#x8868;&#x793A;&#x516B;&#x4F4D;&#x7EC4;(&#x5176;&#x5B57;&#x8282;&#x957F;&#x5EA6;&#x8BB0;&#x4E3A;<span class="mathjax-exps">$m$</span>), &#x90A3;&#x4E48;&#x8F6C;&#x6362;&#x89C4;&#x5219;&#x5982;&#x4E0B;:</p>
<ul>
<li>&#x82E5;<span class="mathjax-exps">$P=\mathcal{O}$</span>, &#x90A3;&#x4E48;<span class="mathjax-exps">$M=0x00$</span>, <span class="mathjax-exps">$m=1$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$P=(x,y)\ne\mathcal{O}$</span>&#x91C7;&#x7528;&#x70B9;&#x538B;&#x7F29;&#x7684;&#x65B9;&#x5F0F;&#x8868;&#x793A;, &#x90A3;&#x4E48;:
<ul>
<li>&#x5C06;&#x81EA;&#x7136;&#x6570;<span class="mathjax-exps">$x$</span>&#x8F6C;&#x4E3A;&#x516B;&#x4F4D;&#x7EC4;<span class="mathjax-exps">$X$</span></li>
<li>&#x82E5;<span class="mathjax-exps">$F_q=F_p$</span>, &#x90A3;&#x4E48;:
<ul>
<li><span class="mathjax-exps">$y_p = y \mod 2$</span>;</li>
</ul>
</li>
<li>&#x82E5;<span class="mathjax-exps">$F_q=F_{2^m}$</span>, &#x90A3;&#x4E48;:
<ul>
<li>&#x82E5;<span class="mathjax-exps">$x=0$</span>, &#x90A3;&#x4E48;<span class="mathjax-exps">$y_p=0$</span>. &#x5426;&#x5219;, &#x8BA1;&#x7B97;<span class="mathjax-exps">$z=z_{m-1}x^{m-1}+\cdots+z_1 x + z_0$</span>, &#x5176;&#x4E2D;<span class="mathjax-exps">$z=yx^{-1}$</span>, &#x5219;<span class="mathjax-exps">$y_p=z_0$</span>;</li>
</ul>
</li>
<li>&#x82E5;<span class="mathjax-exps">$y_p=0$</span>, &#x5219;<span class="mathjax-exps">$Y=0x02$</span>. &#x82E5;<span class="mathjax-exps">$y_p=1$</span>, &#x5219;<span class="mathjax-exps">$Y=0x03$</span>;</li>
<li>&#x5C06;<span class="mathjax-exps">$X$</span>&#x548C;<span class="mathjax-exps">$Y$</span>&#x62FC;&#x63A5;&#x4E3A;<span class="mathjax-exps">$M=Y||X$</span>, <span class="mathjax-exps">$m=\lceil (\log_2 q)/8 \rceil + 1$</span>;</li>
</ul>
</li>
<li>&#x82E5;<span class="mathjax-exps">$P=(x,y)\ne\mathcal{O}$</span>&#x4E0D;&#x91C7;&#x7528;&#x70B9;&#x538B;&#x7F29;&#x7684;&#x65B9;&#x5F0F;&#x8868;&#x793A;, &#x90A3;&#x4E48;:
<ul>
<li>&#x5C06;&#x81EA;&#x7136;&#x6570;<span class="mathjax-exps">$x$</span>&#x8F6C;&#x4E3A;&#x516B;&#x4F4D;&#x7EC4;<span class="mathjax-exps">$X$</span>;</li>
<li>&#x5C06;&#x81EA;&#x7136;&#x6570;<span class="mathjax-exps">$y$</span>&#x8F6C;&#x4E3A;&#x516B;&#x4F4D;&#x7EC4;<span class="mathjax-exps">$Y$</span>;</li>
<li>&#x5C06;<span class="mathjax-exps">$X$</span>&#x548C;<span class="mathjax-exps">$Y$</span>&#x62FC;&#x63A5;&#x4E3A;<span class="mathjax-exps">$M=0x04||X||Y$</span>, <span class="mathjax-exps">$m=2\lceil (\log_2 q)/8 \rceil + 1$</span>;</li>
</ul>
</li>
</ul>
<h3 class="mume-header" id="%E5%85%AB%E4%BD%8D%E7%BB%84%E8%BD%AC%E6%8D%A2%E4%B8%BA%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E7%82%B9toc"><a href="#toc">&#x516B;&#x4F4D;&#x7EC4;&#x8F6C;&#x6362;&#x4E3A;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x70B9;</a></h3>

<p>&#x8BB0;<span class="mathjax-exps">$P$</span>&#x662F;<span class="mathjax-exps">$E(F_q)$</span>&#x4E0A;&#x7684;&#x4E00;&#x70B9;, <span class="mathjax-exps">$M$</span>&#x8868;&#x793A;&#x516B;&#x4F4D;&#x7EC4;(&#x5176;&#x5B57;&#x8282;&#x957F;&#x5EA6;&#x8BB0;&#x4E3A;<span class="mathjax-exps">$m$</span>), &#x90A3;&#x4E48;&#x8F6C;&#x6362;&#x89C4;&#x5219;&#x5982;&#x4E0B;:</p>
<ul>
<li>&#x82E5;<span class="mathjax-exps">$M=0x00$</span>, &#x5219;<span class="mathjax-exps">$P=\mathcal{O}$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$m=\lceil (\log_2 q)/8 \rceil + 1$</span>, &#x90A3;&#x4E48;:
<ul>
<li>&#x90A3;&#x4E48;&#x5C06;<span class="mathjax-exps">$M$</span>&#x8868;&#x793A;&#x4E3A;<span class="mathjax-exps">$M=Y||X$</span>, <span class="mathjax-exps">$Y$</span>&#x662F;&#x6700;&#x5DE6;&#x8FB9;&#x7684;&#x4E00;&#x4E2A;&#x5B57;&#x8282;, <span class="mathjax-exps">$X$</span>&#x662F;&#x540E;&#x7EED;&#x5B57;&#x8282;;</li>
<li>&#x5C06;<span class="mathjax-exps">$X$</span>&#x8F6C;&#x6362;&#x4E3A;&#x81EA;&#x7136;&#x6570;<span class="mathjax-exps">$x$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$Y=0x02$</span>, &#x7F6E;<span class="mathjax-exps">$y_p=0$</span>; &#x82E5;<span class="mathjax-exps">$Y=0x03$</span>, &#x7F6E;<span class="mathjax-exps">$y_p=1$</span>; &#x5426;&#x5219;&#x8F6C;&#x6362;&#x5931;&#x8D25;;</li>
<li>&#x82E5;<span class="mathjax-exps">$F_q=F_p$</span>, &#x90A3;&#x4E48;:
<ul>
<li>&#x8BA1;&#x7B97;&#x7FA4;&#x5143;&#x7D20;<span class="mathjax-exps">$\alpha \equiv x^3+ax+b \mod p$</span>, &#x8BA1;&#x7B97;<span class="mathjax-exps">$\beta=\sqrt{\alpha} \mod p$</span>(&#x4E0D;&#x80FD;&#x8BA1;&#x7B97;&#x51FA;<span class="mathjax-exps">$\beta \in F_q$</span>&#x5219;&#x8F6C;&#x6362;&#x5931;&#x8D25;);</li>
<li>&#x82E5;<span class="mathjax-exps">$\beta\equiv y_p \mod 2$</span>, &#x90A3;&#x4E48;<span class="mathjax-exps">$y=\beta$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$\beta\not\equiv y_p \mod 2$</span>, &#x90A3;&#x4E48;<span class="mathjax-exps">$y=p-\beta$</span>;</li>
</ul>
</li>
<li>&#x82E5;<span class="mathjax-exps">$F_q=F_{2^m}$</span>, &#x90A3;&#x4E48;:
<ul>
<li>&#x82E5;<span class="mathjax-exps">$x=0$</span>, &#x90A3;&#x4E48;<span class="mathjax-exps">$y=b^{2^{m-1}}\ in\ F_{2^m}$</span></li>
<li>&#x82E5;<span class="mathjax-exps">$x\ne0$</span>, &#x8BA1;&#x7B97;<span class="mathjax-exps">$\beta=x+a+bx^{-2}\ in\ F_{2^m}$</span>, &#x518D;&#x6C42;<span class="mathjax-exps">$z^2+z=\beta$</span>&#x7684;&#x89E3;<span class="mathjax-exps">$z$</span>, &#x5C06;<span class="mathjax-exps">$z$</span>&#x8868;&#x793A;&#x4E3A;&#x4E8C;&#x503C;&#x591A;&#x9879;&#x5F0F;<span class="mathjax-exps">$z=z_{m-1}x^{m-1}+\cdots+z_1x^1+z_0$</span>(&#x4E0D;&#x80FD;&#x8BA1;&#x7B97;&#x51FA;<span class="mathjax-exps">$z$</span>&#x5219;&#x8F6C;&#x6362;&#x5931;&#x8D25;);</li>
<li>&#x82E5;<span class="mathjax-exps">$z_0=y_p$</span>, &#x90A3;&#x4E48;<span class="mathjax-exps">$y=xz\ in\ F_{2^m}$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$z_0\ne y_p$</span>, &#x90A3;&#x4E48;<span class="mathjax-exps">$y=x(z+1)\ in\ F_{2^m}$</span>;</li>
</ul>
</li>
<li><span class="mathjax-exps">$P=(x,y)$</span>;</li>
</ul>
</li>
<li>&#x82E5;<span class="mathjax-exps">$m=2\lceil (\log_2 q)/8 \rceil + 1$</span>, &#x90A3;&#x4E48;:
<ul>
<li>&#x90A3;&#x4E48;&#x5C06;<span class="mathjax-exps">$M$</span>&#x8868;&#x793A;&#x4E3A;<span class="mathjax-exps">$M=W||X||Y$</span>, <span class="mathjax-exps">$W$</span>&#x662F;&#x6700;&#x5DE6;&#x8FB9;&#x7684;&#x4E00;&#x4E2A;&#x5B57;&#x8282;, <span class="mathjax-exps">$X$</span>&#x662F;&#x540E;&#x7EED;<span class="mathjax-exps">$\lceil (\log_2 q)/8 \rceil$</span>&#x5B57;&#x8282;, <span class="mathjax-exps">$Y$</span>&#x662F;&#x540E;&#x7EED;&#x7684;<span class="mathjax-exps">$\lceil (\log_2 q)/8 \rceil$</span>&#x5B57;&#x8282;;</li>
<li>&#x68C0;&#x67E5;<span class="mathjax-exps">$W=0x04$</span>, &#x5426;&#x5219;&#x8F6C;&#x6362;&#x5931;&#x8D25;;</li>
<li>&#x5C06;<span class="mathjax-exps">$X$</span>&#x8F6C;&#x6362;&#x4E3A;&#x81EA;&#x7136;&#x6570;<span class="mathjax-exps">$x$</span>;</li>
<li>&#x5C06;<span class="mathjax-exps">$Y$</span>&#x8F6C;&#x6362;&#x4E3A;&#x81EA;&#x7136;&#x6570;<span class="mathjax-exps">$y$</span></li>
<li>&#x68C0;&#x67E5;<span class="mathjax-exps">$(x,y)$</span>&#x662F;&#x5426;&#x6EE1;&#x8DB3;&#x5B9A;&#x4E49;&#x7684;&#x66F2;&#x7EBF;&#x516C;&#x5F0F;, &#x4E0D;&#x6EE1;&#x8DB3;&#x5219;&#x8F6C;&#x6362;&#x5931;&#x8D25;;</li>
<li><span class="mathjax-exps">$P=(x,y)$</span>;</li>
</ul>
</li>
</ul>
<h2 class="mume-header" id="%E5%8A%A0%E5%AF%86%E7%BB%84%E4%BB%B6toc"><a href="#toc">&#x52A0;&#x5BC6;&#x7EC4;&#x4EF6;</a></h2>

<h3 class="mume-header" id="%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0toc"><a href="#toc">&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;</a></h3>

<h4 class="mume-header" id="%E7%BE%A4f_p%E4%B8%8A%E7%9A%84%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0toc"><a href="#toc">&#x7FA4;<span class="mathjax-exps">$F_p$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;</a></h4>

<p>&#x7FA4;<span class="mathjax-exps">$F_p$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;&#x4E3A;<span class="mathjax-exps">$T=(p,a,b,G,n,h)$</span>. &#x8BB0;&#x6709;&#x4EE5;&#x4E8C;&#x8FDB;&#x5236;&#x4F4D;&#x6570;&#x8868;&#x793A;&#x7684;&#x8FD1;&#x4F3C;&#x52A0;&#x5BC6;&#x5B89;&#x5168;&#x7EA7;&#x522B;<span class="mathjax-exps">$t, t\in \{80,112,128,192,256\}$</span>, <span class="mathjax-exps">$a$</span>&#x548C;&#x53EF;&#x9009;&#x7684;&#x516B;&#x4F4D;&#x7EC4;&#x8868;&#x793A;&#x7684;&#x968F;&#x673A;&#x6570;<span class="mathjax-exps">$S$</span>&#x4F5C;&#x4E3A;&#x8F93;&#x5165;, &#x5219;&#x57DF;&#x53C2;&#x6570;&#x8BA1;&#x7B97;&#x5982;&#x4E0B;:</p>
<ul>
<li>&#x5F53;&#x6709;&#x8F93;&#x5165;<span class="mathjax-exps">$t$</span>, &#x5219;&#x8D28;&#x6570;<span class="mathjax-exps">$p$</span>&#x7684;&#x9009;&#x62E9;&#x6EE1;&#x8DB3;&#x6620;&#x5C04;<span class="mathjax-exps">$t\rightarrow \lceil log_2(p) \rceil, \{80\rightarrow 192, 112\rightarrow 224, 128\rightarrow 256, 192\rightarrow 384, 256\rightarrow 521\}$</span>;</li>
<li><span class="mathjax-exps">$n$</span>&#x8868;&#x793A;&#x57FA;&#x70B9;<span class="mathjax-exps">$G$</span>&#x7684;&#x9636;&#x6570;;</li>
<li><span class="mathjax-exps">$h=\#E(F_p) / n$</span>;</li>
<li>&#x82E5;&#x672A;&#x63D0;&#x4F9B;&#x968F;&#x673A;&#x6570;<span class="mathjax-exps">$S$</span>, &#x5219;&#x4ECE;&#x7FA4;<span class="mathjax-exps">$F_p$</span>&#x548C;<span class="mathjax-exps">$E(F_p)$</span>&#x4E2D;&#x9009;&#x62E9;&#x7684;&#x66F2;&#x7EBF;&#x7B49;&#x5F0F;&#x7CFB;&#x6570;<span class="mathjax-exps">$b$</span>, &#x57FA;&#x70B9;<span class="mathjax-exps">$G$</span>&#x9700;&#x6EE1;&#x8DB3;&#x5982;&#x4E0B;&#x6761;&#x4EF6;:
<ul>
<li><span class="mathjax-exps">$4a^3+27b^2\not\equiv 0 \mod p$</span>;</li>
<li><span class="mathjax-exps">$\#(E(F_p)) \ne p$</span>;</li>
<li><span class="mathjax-exps">$\forall B\in [1,100), p^B\not\equiv1 \mod n$</span>;</li>
<li><span class="mathjax-exps">$h\le 2^{t/8}$</span>;</li>
<li><span class="mathjax-exps">$n-1$</span>&#x548C;<span class="mathjax-exps">$n+1$</span>&#x5404;&#x6709;&#x4E00;&#x4E2A;&#x5927;&#x7D20;&#x56E0;&#x5B50;<span class="mathjax-exps">$r$</span>, &#x6EE1;&#x8DB3;<span class="mathjax-exps">$\log_n(r)\gt \frac{19}{20}$</span>;</li>
</ul>
</li>
<li>&#x82E5;&#x63D0;&#x4F9B;&#x4E86;&#x968F;&#x673A;&#x6570;<span class="mathjax-exps">$S$</span>, &#x5219;&#x6309;&#x7167;&#x4E0B;&#x4E00;&#x8282;&#x7684;&#x89C4;&#x5219;&#x751F;&#x6210;&#x66F2;&#x7EBF;&#x7B49;&#x5F0F;&#x7CFB;&#x6570;&#x548C;&#x57FA;&#x70B9;;</li>
</ul>
<h4 class="mume-header" id="%E6%9B%B2%E7%BA%BF%E7%AD%89%E5%BC%8F%E7%B3%BB%E6%95%B0%E5%92%8C%E5%9F%BA%E7%82%B9%E7%94%9F%E6%88%90toc"><a href="#toc">&#x66F2;&#x7EBF;&#x7B49;&#x5F0F;&#x7CFB;&#x6570;&#x548C;&#x57FA;&#x70B9;&#x751F;&#x6210;</a></h4>

<ul>
<li>
<p>&#x82E5;&#x63D0;&#x4F9B;&#x4E86;&#x968F;&#x673A;&#x6570;&#x516B;&#x4F4D;&#x7EC4;&#x4E3A;<span class="mathjax-exps">$S$</span>, &#x8BB0;<span class="mathjax-exps">$S$</span>&#x7684;&#x4F4D;&#x957F;&#x5EA6;&#x4E3A;<span class="mathjax-exps">$g$</span>, &#x53CA;&#x6709;&#x54C8;&#x5E0C;&#x51FD;&#x6570;<span class="mathjax-exps">$Hash$</span>(&#x54C8;&#x5E0C;&#x8F93;&#x51FA;&#x4F4D;&#x957F;&#x5EA6;&#x4E3A;<span class="mathjax-exps">$l$</span>), &#x53CA;&#x7FA4;&#x7684;&#x9636;&#x4E3A;<span class="mathjax-exps">$q$</span>:</p>
<ul>
<li>&#x8BB0;<span class="mathjax-exps">$m=\lceil log_2(p) \rceil, s=\lfloor (m-1)/l \rfloor, k=m-sl - (q\mod 2)$</span>;</li>
<li>&#x5C06;&#x516B;&#x4F4D;&#x7EC4;<span class="mathjax-exps">$S$</span>&#x8F6C;&#x4E3A;&#x5927;&#x6574;&#x6570;<span class="mathjax-exps">$s_0$</span>;</li>
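<li>对<span class="mathjax-exps">$j=0,1,\dots,s$</span>依次计算如下步骤(共<span class="mathjax-exps">$s+1$</span>次, 下文的<span class="mathjax-exps">$e$</span>用到<span class="mathjax-exps">$e_0$</span>至<span class="mathjax-exps">$e_s$</span>):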
<ul>
<li><span class="mathjax-exps">$s_j = s_0 + j \mod 2^g$</span>;</li>
<li>&#x5C06;&#x5927;&#x6574;&#x6570;<span class="mathjax-exps">$s_j$</span>&#x518D;&#x8F6C;&#x6362;&#x4E3A;&#x957F;&#x5EA6;&#x4E3A;<span class="mathjax-exps">$g/8$</span>&#x7684;&#x516B;&#x4F4D;&#x7EC4;<span class="mathjax-exps">$S_j$</span>;</li>
<li><span class="mathjax-exps">$H_j = Hash(S_j)$</span>;</li>
<li>&#x5C06;<span class="mathjax-exps">$H_j$</span>&#x8F6C;&#x6362;&#x4E3A;&#x5927;&#x6574;&#x6570;<span class="mathjax-exps">$e_j$</span>;</li>
</ul>
</li>
<li><span class="mathjax-exps">$e=e_0 2^{ls} + e_1 2^{l(s-1)}+\dots + e_s \mod 2^{k+sl}$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$q \mod 2 = 0$</span>:
<ul>
<li><span class="mathjax-exps">$e=0$</span>, &#x5219;&#x672C;&#x6B21;&#x8BA1;&#x7B97;&#x5931;&#x8D25;, &#x63D0;&#x4F9B;&#x65B0;&#x7684;&#x968F;&#x673A;&#x6570;, &#x8FDB;&#x884C;&#x4E0B;&#x4E00;&#x6B21;&#x8BA1;&#x7B97;;</li>
<li><span class="mathjax-exps">$e\ne 0$</span>, &#x5219;<span class="mathjax-exps">$b=e$</span>;</li>
</ul>
</li>
<li>&#x82E5;<span class="mathjax-exps">$q \mod 2 = 1$</span>:
<ul>
<li><span class="mathjax-exps">$a=0$</span> or <span class="mathjax-exps">$4e+27\equiv0 \mod q$</span> or <span class="mathjax-exps">$\sqrt{\frac{a^3}{r}} \mod q \not\in F_q$</span>:
<ul>
<li>&#x672C;&#x6B21;&#x8BA1;&#x7B97;&#x5931;&#x8D25;, &#x63D0;&#x4F9B;&#x65B0;&#x7684;&#x968F;&#x673A;&#x6570;, &#x8FDB;&#x884C;&#x4E0B;&#x4E00;&#x6B21;&#x8BA1;&#x7B97;;</li>
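<li>否则, <span class="mathjax-exps">$b=\sqrt{\frac{a^3}{r}} \mod q$</span>(其中<span class="mathjax-exps">$r$</span>为<span class="mathjax-exps">$e$</span>转换得到的<span class="mathjax-exps">$F_q$</span>元素);</li>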
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li>
<p>&#x7F6E;<span class="mathjax-exps">$A=0x421736520706f696e74$</span>(&quot;Base Point&quot;&#x7684;ASCII), <span class="mathjax-exps">$B=0x01$</span>;</p>
</li>
<li>
<p>&#x4ECE;<span class="mathjax-exps">$c=1$</span>&#x5F00;&#x59CB;&#x8FED;&#x4EE3;&#x5FAA;&#x73AF;, &#x6BCF;&#x6B21;&#x8FED;&#x4EE3;<span class="mathjax-exps">$c=c+1$</span>:</p>
<ul>
<li>&#x5C06;&#x6574;&#x6570;<span class="mathjax-exps">$c$</span>&#x8F6C;&#x6362;&#x4E3A;&#x957F;&#x5EA6;&#x4E3A;<span class="mathjax-exps">$1+\lfloor log_{256}(c) \rfloor$</span>&#x7684;&#x516B;&#x4F4D;&#x7EC4;<span class="mathjax-exps">$C$</span>;</li>
<li>&#x8BA1;&#x7B97;&#x54C8;&#x5E0C;&#x503C;<span class="mathjax-exps">$H=Hash(A||B||C||S)$</span>;</li>
<li>&#x5C06;<span class="mathjax-exps">$H$</span>&#x8F6C;&#x4E3A;&#x5927;&#x6574;&#x6570;<span class="mathjax-exps">$e, k=e\mod 2q, u=k\mod q, z=\lfloor k/q \rfloor$</span>;</li>
<li>将整数<span class="mathjax-exps">$u$</span>转为域元素<span class="mathjax-exps">$x$</span>;</li>
<li>&#x6309;<span class="mathjax-exps">$(x,z)$</span>&#x70B9;&#x538B;&#x7F29;&#x7684;&#x65B9;&#x5F0F;, &#x5C06;z&#x4F5C;&#x4E3A;<span class="mathjax-exps">$Y$</span>&#x6765;&#x89E3;&#x6790;<span class="mathjax-exps">$y$</span>, &#x5982;&#x679C;&#x5F97;&#x5230;&#x5408;&#x6CD5;&#x7684;<span class="mathjax-exps">$y$</span>:
<ul>
<li><span class="mathjax-exps">$G = h(x,y)$</span>;</li>
</ul>
</li>
<li>&#x5982;&#x679C;&#x5F97;&#x5230;&#x7684;&#x662F;&#x4E0D;&#x5408;&#x6CD5;&#x7684;<span class="mathjax-exps">$y$</span>, &#x90A3;&#x4E48;&#x7EE7;&#x7EED;&#x8FED;&#x4EE3;;</li>
</ul>
</li>
</ul>
<p>&#x6CE8;: &#x8BE5;&#x6807;&#x51C6;&#x4E2D;&#x91C7;&#x7528;<a href="https://www.cnblogs.com/mengsuenyan/p/12697811.html">SHA&#x7B97;&#x6CD5;</a>&#x4F5C;&#x4E3A;Hash&#x51FD;&#x6570;&#x6765;&#x6563;&#x5217;&#x6570;&#x636E;;</p>
<h4 class="mume-header" id="%E7%BE%A4f_2m%E4%B8%8A%E7%9A%84%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0toc"><a href="#toc">&#x7FA4;<span class="mathjax-exps">$F_{2^m}$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;</a></h4>

<p>群<span class="mathjax-exps">$F_{2^m}$</span>上的椭圆曲线域参数为<span class="mathjax-exps">$T=(m,f(x),a,b,G,n,h)$</span>, 记有输入<span class="mathjax-exps">$t, t\in \{80, 112, 128, 192, 256\}$</span>和可选的随机数<span class="mathjax-exps">$S$</span>, 及系数<span class="mathjax-exps">$a$</span>, 那么域参数计算规则如下:</p>
<ul>
<li>&#x4ECE;<span class="mathjax-exps">$\{112,128,192,256,512\}$</span>&#x4E2D;&#x9009;&#x62E9;&#x4E00;&#x4E2A;&#x5927;&#x4E8E;<span class="mathjax-exps">$t$</span>&#x7684;&#x6700;&#x5C0F;&#x6574;&#x6570;<span class="mathjax-exps">$t&apos;$</span>, &#x7136;&#x540E;&#x4ECE;<span class="mathjax-exps">$\{163,233,239,283,409,571\}$</span>&#x4E2D;&#x9009;&#x62E9;&#x4E00;&#x4E2A;&#x6EE1;&#x8DB3;<span class="mathjax-exps">$2t\lt m \lt 2t&apos;$</span>&#x7684;&#x6574;&#x6570;&#x4F5C;&#x4E3A;<span class="mathjax-exps">$m$</span>;</li>
<li>&#x4ECE;&#x4E0B;&#x8868;&#x4E2D;&#x9009;&#x62E9;&#x4E00;&#x4E2A;&#x4E0D;&#x53EF;&#x89C4;&#x7EA6;&#x7684;&#x4E8C;&#x503C;&#x591A;&#x9879;&#x5F0F;<span class="mathjax-exps">$f(x)$</span>;</li>
<li><span class="mathjax-exps">$n$</span>&#x8868;&#x793A;&#x57FA;&#x70B9;<span class="mathjax-exps">$G$</span>&#x7684;&#x9636;&#x6570;;</li>
<li><span class="mathjax-exps">$h=\#E(F_{2^m}) / n$</span>;</li>
<li>若未提供随机数<span class="mathjax-exps">$S$</span>, 则从群<span class="mathjax-exps">$F_{2^m}$</span>和<span class="mathjax-exps">$E(F_{2^m})$</span>中选择的曲线等式系数<span class="mathjax-exps">$b$</span>, 基点<span class="mathjax-exps">$G$</span>需满足如下条件:
<ul>
<li><span class="mathjax-exps">$q=2^m$</span>;</li>
<li><span class="mathjax-exps">$b \mod q \not\equiv 0$</span>;</li>
<li><span class="mathjax-exps">$\#E(F_{2^m})\ne 2^m$</span>;</li>
<li><span class="mathjax-exps">$\forall B \in [1,100m), 2^B\not\equiv 1 \mod n$</span>;</li>
<li><span class="mathjax-exps">$h\le 2^{t/8}$</span>;</li>
<li><span class="mathjax-exps">$n-1$</span>和<span class="mathjax-exps">$n+1$</span>各自都应含有一个大素因子<span class="mathjax-exps">$r$</span>, 满足<span class="mathjax-exps">$\log_n(r)\gt \frac{19}{20}$</span>;</li>
</ul>
</li>
<li>&#x82E5;&#x63D0;&#x4F9B;&#x4E86;&#x968F;&#x673A;&#x6570;<span class="mathjax-exps">$S$</span>, &#x5219;&#x6309;&#x7167;&#x4E0A;&#x4E00;&#x8282;&#x7684;&#x89C4;&#x5219;&#x751F;&#x6210;&#x66F2;&#x7EBF;&#x7B49;&#x5F0F;&#x7CFB;&#x6570;&#x548C;&#x57FA;&#x70B9;;</li>
</ul>
<p>&#x8868;1: <span class="mathjax-exps">$F_{2^m}$</span>&#x7EA6;&#x5316;&#x591A;&#x9879;&#x5F0F;&#x8868;:</p>
<table>
<thead>
<tr>
<th style="text-align:center">&#x7FA4;</th>
<th style="text-align:center">&#x7EA6;&#x5316;&#x591A;&#x9879;&#x5F0F;</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:center"><span class="mathjax-exps">$F_{2^{163}}$</span></td>
<td style="text-align:center"><span class="mathjax-exps">$f(x)=x^{163}+x^{7}+x^6+x^3+1$</span></td>
</tr>
<tr>
<td style="text-align:center"><span class="mathjax-exps">$F_{2^{233}}$</span></td>
<td style="text-align:center"><span class="mathjax-exps">$f(x)=x^{233}+x^{74}+1$</span></td>
</tr>
<tr>
<td style="text-align:center"><span class="mathjax-exps">$F_{2^{239}}$</span></td>
<td style="text-align:center"><span class="mathjax-exps">$f(x)=x^{239}+x^{36}+1$</span> or <span class="mathjax-exps">$x^{239}+x^{158}+1$</span></td>
</tr>
<tr>
<td style="text-align:center"><span class="mathjax-exps">$F_{2^{283}}$</span></td>
<td style="text-align:center"><span class="mathjax-exps">$f(x)=x^{283}+x^{12}+x^{7}+x^{5}+1$</span></td>
</tr>
<tr>
<td style="text-align:center"><span class="mathjax-exps">$F_{2^{409}}$</span></td>
<td style="text-align:center"><span class="mathjax-exps">$f(x)=x^{409}+x^{87}+1$</span></td>
</tr>
<tr>
<td style="text-align:center"><span class="mathjax-exps">$F_{2^{571}}$</span></td>
<td style="text-align:center"><span class="mathjax-exps">$f(x)=x^{571}+x^{10}+x^{5}+x^{2}+1$</span></td>
</tr>
</tbody>
</table>
<h4 class="mume-header" id="%E7%BE%A4f_p%E4%B8%8A%E7%9A%84%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0%E9%AA%8C%E8%AF%81toc"><a href="#toc">&#x7FA4;<span class="mathjax-exps">$F_p$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;&#x9A8C;&#x8BC1;</a></h4>

<p>&#x8BB0;&#x6709;&#x57DF;&#x53C2;&#x6570;<span class="mathjax-exps">$T=(p,a,b,G,n,h)$</span>, &#x5219;&#x8BE5;&#x57DF;&#x53C2;&#x6570;&#x9700;&#x8981;&#x6EE1;&#x8DB3;&#x4EE5;&#x4E0B;&#x6761;&#x4EF6;:</p>
<ul>
<li>&#x8D28;&#x6570;<span class="mathjax-exps">$p$</span>&#x7684;&#x9009;&#x62E9;&#x6EE1;&#x8DB3;&#x6620;&#x5C04;<span class="mathjax-exps">$t\rightarrow \lceil log_2(p) \rceil, \{80\rightarrow 192, 112\rightarrow 224, 128\rightarrow 256, 192\rightarrow 384, 256\rightarrow 521\}$</span>;</li>
<li><span class="mathjax-exps">$a,b,G=(x,y)$</span>&#x662F;&#x533A;&#x95F4;<span class="mathjax-exps">$[0, p-1]$</span>&#x4E4B;&#x95F4;&#x7684;&#x6574;&#x6570;;</li>
<li><span class="mathjax-exps">$4a^3 + 27b^2 \not\equiv 0 \mod p$</span>;</li>
<li><span class="mathjax-exps">$y^2 \equiv x^3 + ax + b \mod p$</span>;</li>
<li><span class="mathjax-exps">$n, n\ne p$</span>&#x662F;&#x4E00;&#x4E2A;&#x7D20;&#x6570;;</li>
<li><span class="mathjax-exps">$h\le 2^{t/8}, h=\lfloor (\sqrt{p}+1)^2/n \rfloor$</span>;</li>
<li><span class="mathjax-exps">$nG=\mathcal{O}$</span>;</li>
<li><span class="mathjax-exps">$\forall B \in [1,100), p^B \not\equiv 1 \mod n$</span>;</li>
</ul>
<h4 class="mume-header" id="%E7%BE%A4f_2m%E4%B8%8A%E7%9A%84%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E5%9F%9F%E5%8F%82%E6%95%B0%E9%AA%8C%E8%AF%81toc"><a href="#toc">&#x7FA4;<span class="mathjax-exps">$F_{2^m}$</span>&#x4E0A;&#x7684;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;&#x9A8C;&#x8BC1;</a></h4>

<p>&#x8BB0;&#x6709;&#x57DF;&#x53C2;&#x6570;<span class="mathjax-exps">$T=(m,f(x),a,b,G,n,h)$</span>, &#x5219;&#x8BE5;&#x57DF;&#x53C2;&#x6570;&#x9700;&#x8981;&#x6EE1;&#x8DB3;&#x5982;&#x4E0B;&#x6761;&#x4EF6;:</p>
<ul>
<li><span class="mathjax-exps">$2t \lt m \lt 2t&apos;$</span>;</li>
<li><span class="mathjax-exps">$f(x)$</span>&#x9700;&#x8981;&#x548C;&#x8868;1&#x4E2D;&#x6240;&#x5217;&#x4E00;&#x81F4;;</li>
<li><span class="mathjax-exps">$a,b,G=(x,y)$</span>&#x5C0F;&#x4E8E;<span class="mathjax-exps">$2^m$</span>;</li>
<li><span class="mathjax-exps">$b\not\equiv 0 \mod 2^m$</span>;</li>
<li><span class="mathjax-exps">$y^2+xy=x^3+ax^2+b$</span>;</li>
<li><span class="mathjax-exps">$n$</span>&#x662F;&#x7D20;&#x6570;;</li>
<li><span class="mathjax-exps">$h \le 2^{t/8}, h=\lfloor (\sqrt{2^m} + 1)^2 / n \rfloor$</span>;</li>
<li><span class="mathjax-exps">$nG=\mathcal{O}$</span>;</li>
<li><span class="mathjax-exps">$\forall B \in [1, 100m), 2^B \not\equiv 1 \mod n, nh \ne 2^m$</span>;</li>
</ul>
<h3 class="mume-header" id="%E5%AF%86%E9%92%A5%E7%94%9F%E6%88%90toc"><a href="#toc">&#x5BC6;&#x94A5;&#x751F;&#x6210;</a></h3>

<p>记有域参数<span class="mathjax-exps">$T=(p,a,b,G,n,h)$</span>或<span class="mathjax-exps">$T=(m,f(x),a,b,G,n,h)$</span>;</p>
<ul>
<li>随机选择一个整数<span class="mathjax-exps">$d, d\in [1,n-1]$</span>(须由密码学安全的随机数生成器均匀产生, <span class="mathjax-exps">$d$</span>即私钥, 需保密);</li>
<li>&#x5F97;&#x5230;(&#x79C1;&#x94A5;, &#x516C;&#x94A5;)=<span class="mathjax-exps">$(d, dG)=(d, Q)$</span>;</li>
</ul>
<h4 class="mume-header" id="%E5%85%AC%E9%92%A5%E9%AA%8C%E8%AF%81toc"><a href="#toc">&#x516C;&#x94A5;&#x9A8C;&#x8BC1;</a></h4>

<p>记有域参数<span class="mathjax-exps">$T=(p,a,b,G,n,h)$</span>或<span class="mathjax-exps">$T=(m,f(x),a,b,G,n,h)$</span>, 及公钥<span class="mathjax-exps">$Q=(x,y)$</span>;</p>
<ol>
<li><span class="mathjax-exps">$Q\ne \mathcal{O}$</span>;</li>
<li>若T是<span class="mathjax-exps">$F_p$</span>上的域参数, 则<span class="mathjax-exps">$x,y$</span>需满足<span class="mathjax-exps">$x,y\in [0,p-1]$</span>, 且<span class="mathjax-exps">$y^2 \equiv x^3+ax+b \mod p$</span>;</li>
<li>若T是<span class="mathjax-exps">$F_{2^m}$</span>上的域参数, 则<span class="mathjax-exps">$x,y$</span>需满足<span class="mathjax-exps">$x,y\in [0,2^m-1]$</span>, 且<span class="mathjax-exps">$y^2+xy=x^3+ax^2+b$</span>(在<span class="mathjax-exps">$F_{2^m}$</span>中运算, 即模约化多项式<span class="mathjax-exps">$f(x)$</span>, 而非整数模<span class="mathjax-exps">$2^m$</span>);</li>
<li><span class="mathjax-exps">$nQ=\mathcal{O}$</span>;</li>
</ol>
<p>&#x5B8C;&#x5168;&#x9A8C;&#x8BC1;: &#x9700;&#x8981;&#x9A8C;&#x8BC1;&#x6761;&#x4EF6;1/2/3/4;<br>
&#x90E8;&#x5206;&#x9A8C;&#x8BC1;: &#x53EA;&#x9700;&#x9A8C;&#x8BC1;&#x6761;&#x4EF6;1/2/3;</p>
<h3 class="mume-header" id="diffie-hellman%E5%8E%9F%E6%A0%B9toc"><a href="#toc">Diffie-Hellman&#x539F;&#x6839;</a></h3>

<p>&#x8BB0;&#x6709;&#x57DF;&#x53C2;&#x6570;<span class="mathjax-exps">$T$</span>, &#x5B9E;&#x4F53;<span class="mathjax-exps">$U$</span>&#x62E5;&#x6709;&#x79C1;&#x94A5;<span class="mathjax-exps">$d_U$</span>, &#x5B9E;&#x4F53;<span class="mathjax-exps">$V$</span>&#x62E5;&#x6709;&#x516C;&#x94A5;<span class="mathjax-exps">$Q_V=(x,y)$</span>, <span class="mathjax-exps">$U$</span>&#x548C;<span class="mathjax-exps">$V$</span>&#x7684;&#x5BC6;&#x94A5;&#x662F;&#x7531;&#x540C;&#x4E00;&#x57DF;&#x53C2;&#x6570;&#x5F97;&#x5230;&#x7684;;</p>
<p>&#x692D;&#x5706;&#x66F2;&#x7EBF;Diffie-Hellman&#x539F;&#x6839;</p>
<ul>
<li><span class="mathjax-exps">$P=(x_P, y_P)=d_U Q_V$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$P=\mathcal{O}$</span>, &#x5219;&#x65E0;&#x5171;&#x4EAB;&#x52A0;&#x5BC6;&#x5143;&#x7D20;;</li>
<li>&#x82E5;<span class="mathjax-exps">$P\ne\mathcal{O}$</span>, &#x5219;&#x5B58;&#x5728;&#x5171;&#x4EAB;&#x52A0;&#x5BC6;&#x5143;&#x7D20;<span class="mathjax-exps">$z=x_P$</span>;</li>
</ul>
<p>&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x4F59;&#x56E0;&#x5B50;Diffie-Hellman&#x539F;&#x6839;</p>
<ul>
<li><span class="mathjax-exps">$P=(x_P, y_P)= h d_U Q_V$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$P=\mathcal{O}$</span>, &#x5219;&#x65E0;&#x5171;&#x4EAB;&#x52A0;&#x5BC6;&#x5143;&#x7D20;;</li>
<li>&#x82E5;<span class="mathjax-exps">$P\ne\mathcal{O}$</span>, &#x5219;&#x5B58;&#x5728;&#x5171;&#x4EAB;&#x52A0;&#x5BC6;&#x5143;&#x7D20;<span class="mathjax-exps">$z=x_P$</span>;</li>
</ul>
<h3 class="mume-header" id="mqv%E5%8E%9F%E6%A0%B9toc"><a href="#toc">MQV&#x539F;&#x6839;</a></h3>

<p>&#x8BB0;&#x6709;&#x57DF;&#x53C2;&#x6570;<span class="mathjax-exps">$T$</span>(&#x6240;&#x5C5E;&#x7FA4;&#x7684;&#x9636;&#x8BB0;&#x4E3A;<span class="mathjax-exps">$q$</span>), &#x5B9E;&#x4F53;<span class="mathjax-exps">$U$</span>&#x62E5;&#x6709;&#x5BC6;&#x94A5;&#x5BF9;<span class="mathjax-exps">$(d_{1,U}, Q_{1,U}=(x_{1,U}, y_{1,U}))$</span>&#x548C;<span class="mathjax-exps">$(d_{2,U}, Q_{2,U}=(x_{2,U}, y_{2,U}))$</span>, &#x5B9E;&#x4F53;<span class="mathjax-exps">$V$</span>&#x62E5;&#x6709;&#x516C;&#x94A5;<span class="mathjax-exps">$Q_{1,V}=(x_{1,V}, y_{1,V})$</span>&#x548C;<span class="mathjax-exps">$Q_{2,V}=(x_{2,V}, y_{2,V})$</span>, <span class="mathjax-exps">$U$</span>&#x548C;<span class="mathjax-exps">$V$</span>&#x7684;&#x5BC6;&#x94A5;&#x662F;&#x7531;&#x540C;&#x4E00;&#x57DF;&#x53C2;&#x6570;&#x5F97;&#x5230;&#x7684;;</p>
<ul>
<li><span class="mathjax-exps">$z=2^{\lceil log_2(n)/2 \rceil}$</span>;</li>
<li><span class="mathjax-exps">$s=d_{2,U} + d_{1,U}\cdot((x_{2,U} \mod z)+z) \mod n$</span>;</li>
<li><span class="mathjax-exps">$s&apos;=z + (x_{2,V} \mod z)$</span>;</li>
<li><span class="mathjax-exps">$P=(x_P, y_P)=hs(Q_{2,V} + s&apos;Q_{1,V})$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$P=\mathcal{O}$</span>, &#x5219;&#x65E0;&#x5171;&#x4EAB;&#x52A0;&#x5BC6;&#x5143;&#x7D20;;</li>
<li>若<span class="mathjax-exps">$P\ne\mathcal{O}$</span>, 则存在共享加密元素<span class="mathjax-exps">$z=x_P$</span>(此处的<span class="mathjax-exps">$z$</span>是输出的共享元素, 与上文的辅助量<span class="mathjax-exps">$z=2^{\lceil log_2(n)/2 \rceil}$</span>无关);</li>
</ul>
<h2 class="mume-header" id="%E7%AD%BE%E5%90%8D%E6%96%B9%E6%A1%88toc"><a href="#toc">&#x7B7E;&#x540D;&#x65B9;&#x6848;</a></h2>

<h3 class="mume-header" id="ecdsa%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E6%95%B0%E5%AD%97%E6%9B%B2%E7%BA%BF%E7%AD%BE%E5%90%8D%E7%AE%97%E6%B3%95toc"><a href="#toc">ECDSA&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x6570;&#x5B57;&#x66F2;&#x7EBF;&#x7B7E;&#x540D;&#x7B97;&#x6CD5;</a></h3>

<p>记有明文数据<span class="mathjax-exps">$M$</span>, 哈希函数<span class="mathjax-exps">$Hash$</span>, 及期望的安全级别<span class="mathjax-exps">$t$</span>:</p>
<ul>
<li>&#x5B9E;&#x4F53;<span class="mathjax-exps">$U$</span>&#x4ECE;<span class="mathjax-exps">$\{E(F_p), E(F_{2^m})\}$</span>&#x4E2D;&#x9009;&#x5B9A;&#x4E00;&#x4E2A;&#x7FA4;, &#x7531;&#x6307;&#x5B9A;&#x7684;&#x5B89;&#x5168;&#x7EA7;&#x522B;<span class="mathjax-exps">$t$</span>, &#x8BA1;&#x7B97;&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x57DF;&#x53C2;&#x6570;<span class="mathjax-exps">$T$</span>;</li>
<li>&#x7531;&#x57DF;&#x53C2;&#x6570;<span class="mathjax-exps">$T$</span>&#x751F;&#x6210;&#x5BC6;&#x94A5;&#x5BF9;<span class="mathjax-exps">$(d_U, Q_U)$</span>, &#x5E76;&#x5C06;&#x516C;&#x94A5;<span class="mathjax-exps">$Q_U$</span>&#x53D1;&#x9001;&#x7ED9;<span class="mathjax-exps">$V$</span>;</li>
<li>&#x7531;<span class="mathjax-exps">$U$</span>&#x5BF9;&#x660E;&#x6587;&#x8FDB;&#x884C;&#x7B7E;&#x540D;&#x53D1;&#x9001;&#x7ED9;<span class="mathjax-exps">$V$</span>:
<ul>
<li>由域参数<span class="mathjax-exps">$T$</span>再选择一组临时密钥对<span class="mathjax-exps">$(k, (x, y))$</span>; <span class="mathjax-exps">$k$</span>必须对每次签名重新随机生成并保密, 不得重复使用或可被预测, 否则会泄露私钥<span class="mathjax-exps">$d_U$</span>;</li>
<li><span class="mathjax-exps">$r=x\mod n$</span>, 若<span class="mathjax-exps">$r=0$</span>, 则重新选择一组临时密钥对;</li>
<li><span class="mathjax-exps">$H=Hash(M)$</span>, &#x8BB0;<span class="mathjax-exps">$H$</span>&#x7684;&#x4F4D;&#x957F;&#x5EA6;&#x4E3A;<span class="mathjax-exps">$l$</span>;</li>
<li><span class="mathjax-exps">$l\le \lceil log_2(n) \rceil \Rightarrow E=H;\quad l\gt \lceil log_2(n) \rceil \Rightarrow E=truncate(H)$</span>, &#x5176;&#x4E2D;truncate&#x9636;&#x6BB5;<span class="mathjax-exps">$H$</span>&#x6700;&#x5DE6;&#x8FB9;&#x7684;<span class="mathjax-exps">$\lceil log_2(n) \rceil$</span>&#x4F4D;;</li>
<li><span class="mathjax-exps">$E$</span>&#x8F6C;&#x4E3A;&#x5927;&#x6574;&#x6570;<span class="mathjax-exps">$e$</span>;</li>
<li><span class="mathjax-exps">$s=k^{-1}(e+rd_U) \mod n$</span>;</li>
<li>&#x82E5;<span class="mathjax-exps">$s=0$</span>, &#x518D;&#x91CD;&#x65B0;&#x9009;&#x62E9;&#x4E00;&#x7EC4;&#x5BC6;&#x94A5;&#x91CD;&#x65B0;&#x8FED;&#x4EE3;;</li>
<li>&#x5F97;&#x5230;<span class="mathjax-exps">$M$</span>&#x7684;&#x7B7E;&#x540D;<span class="mathjax-exps">$(r,s)$</span>;</li>
</ul>
</li>
<li><span class="mathjax-exps">$V$</span>&#x6536;&#x5230;&#x660E;&#x6587;<span class="mathjax-exps">$M$</span>&#x53CA;&#x7B7E;&#x540D;<span class="mathjax-exps">$(r,s)$</span>, &#x5BF9;&#x7B7E;&#x540D;&#x8FDB;&#x884C;&#x8BA4;&#x8BC1;:
<ul>
<li>&#x9A8C;&#x8BC1;<span class="mathjax-exps">$r,s \in [1,n-1]$</span>;</li>
<li><span class="mathjax-exps">$H=Hash(M)$</span>:</li>
<li><span class="mathjax-exps">$l\le \lceil log_2(n) \rceil \Rightarrow E=H;\quad l\gt \lceil log_2(n) \rceil \Rightarrow E=truncate(H)$</span>, &#x5176;&#x4E2D;truncate&#x9636;&#x6BB5;<span class="mathjax-exps">$H$</span>&#x6700;&#x5DE6;&#x8FB9;&#x7684;<span class="mathjax-exps">$\lceil log_2(n) \rceil$</span>&#x4F4D;;</li>
<li><span class="mathjax-exps">$E$</span>&#x8F6C;&#x4E3A;&#x5927;&#x6574;&#x6570;<span class="mathjax-exps">$e$</span>;</li>
<li><span class="mathjax-exps">$u_1 = es^{-1} \mod n, u_2=rs^{-1} \mod n$</span>;</li>
<li><span class="mathjax-exps">$R=(x,y)=u_1 G + u_2 Q_U$</span>;</li>
<li>&#x9A8C;&#x8BC1;<span class="mathjax-exps">$R\ne\mathcal{O}$</span>;</li>
<li><span class="mathjax-exps">$v=x \mod n$</span>;</li>
<li>&#x9A8C;&#x8BC1;<span class="mathjax-exps">$v=r$</span>, &#x5219;&#x7B7E;&#x540D;&#x901A;&#x8FC7;&#x9A8C;&#x8BC1;. &#x5426;&#x5219;, &#x7B7E;&#x540D;&#x4E0D;&#x6B63;&#x786E;;</li>
</ul>
</li>
</ul>
<h2 class="mume-header" id="%E5%8A%A0%E5%AF%86%E5%92%8C%E5%AF%86%E9%92%A5%E4%BC%A0%E8%BE%93%E6%96%B9%E6%A1%88toc"><a href="#toc">&#x52A0;&#x5BC6;&#x548C;&#x5BC6;&#x94A5;&#x4F20;&#x8F93;&#x65B9;&#x6848;</a></h2>

<h3 class="mume-header" id="ecies%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BF%E9%9B%86%E6%88%90%E5%8A%A0%E5%AF%86%E7%AE%97%E6%B3%95toc"><a href="#toc">ECIES&#x692D;&#x5706;&#x66F2;&#x7EBF;&#x96C6;&#x6210;&#x52A0;&#x5BC6;&#x7B97;&#x6CD5;</a></h3>

<p>&#x8BB0;&#x6709;&#x660E;&#x6587;&#x6570;&#x636E;<span class="mathjax-exps">$M$</span>, <a href="https://www.cnblogs.com/mengsuenyan/p/13160157.html">&#x5BC6;&#x94A5;&#x6D3E;&#x751F;&#x51FD;&#x6570;</a><span class="mathjax-exps">$KDF$</span>, <a href="https://www.cnblogs.com/mengsuenyan/p/12699175.html">&#x6D88;&#x606F;&#x8BA4;&#x8BC1;&#x7801;&#x51FD;&#x6570;</a><span class="mathjax-exps">$MAC$</span>, <a href="https://www.cnblogs.com/mengsuenyan/p/12697694.html">&#x5BF9;&#x79F0;&#x52A0;&#x5BC6;&#x51FD;&#x6570;</a><span class="mathjax-exps">$ENC$</span>, &#x57DF;&#x53C2;&#x6570;<span class="mathjax-exps">$T$</span>, &#x8BB0;&#x6709;&#x5B9E;&#x4F53;<span class="mathjax-exps">$U$</span>&#x548C;<span class="mathjax-exps">$V$</span>, <span class="mathjax-exps">$U$</span>&#x548C;<span class="mathjax-exps">$V$</span>&#x4E4B;&#x95F4;&#x7684;&#x5171;&#x4EAB;&#x6570;&#x636E;<span class="mathjax-exps">$SharedInfo1$</span>&#x548C;<span class="mathjax-exps">$SharedInfo2$</span>(&#x53EF;&#x9009;);</p>
<ul>
<li>&#x5BC6;&#x94A5;&#x90E8;&#x7F72;:
<ul>
<li>&#x5B9E;&#x4F53;<span class="mathjax-exps">$V$</span>&#x751F;&#x6210;&#x5BC6;&#x94A5;&#x5BF9;<span class="mathjax-exps">$d_V, Q_V$</span>, &#x5C06;&#x516C;&#x94A5;<span class="mathjax-exps">$Q_V$</span>&#x53D1;&#x9001;&#x7ED9;<span class="mathjax-exps">$U$</span>;</li>
<li><span class="mathjax-exps">$U$</span>&#x5BF9;&#x516C;&#x94A5;<span class="mathjax-exps">$Q_V$</span>&#x5408;&#x6CD5;&#x6027;&#x8FDB;&#x884C;&#x9A8C;&#x8BC1;;</li>
</ul>
</li>
<li>&#x52A0;&#x5BC6;:
<ul>
<li>&#x7531;<span class="mathjax-exps">$T$</span>&#x751F;&#x6210;&#x5BC6;&#x94A5;&#x5BF9;<span class="mathjax-exps">$(k, R=(x,y))$</span>;</li>
<li>&#x6839;&#x636E;<span class="mathjax-exps">$R$</span>&#x662F;&#x5426;&#x4F7F;&#x7528;&#x70B9;&#x538B;&#x7F29;&#x65B9;&#x5F0F;, &#x5C06;<span class="mathjax-exps">$R$</span>&#x8F6C;&#x6362;&#x4E3A;8&#x4F4D;&#x7EC4;<span class="mathjax-exps">$\bar{R}$</span>;</li>
<li>&#x6839;&#x636E;&#x662F;&#x5426;&#x4F7F;&#x7528;<span class="mathjax-exps">$Diffie-Hellman$</span>&#x516C;&#x94A5;&#x52A0;&#x5BC6;&#x5143;&#x7D20;, &#x7531;<span class="mathjax-exps">$k, Q_V$</span>&#x751F;&#x6210;&#x751F;&#x6210;&#x52A0;&#x5BC6;&#x5171;&#x4EAB;&#x5143;&#x7D20;<span class="mathjax-exps">$z$</span>;</li>
<li>&#x5C06;<span class="mathjax-exps">$z$</span>&#x8F6C;&#x6362;&#x4F4D;8&#x4F4D;&#x7EC4;<span class="mathjax-exps">$Z$</span>;</li>
<li><span class="mathjax-exps">$K=KDF(Z, [SharedInfo1])$</span>, &#x8F93;&#x51FA;&#x516B;&#x4F4D;&#x7EC4;&#x957F;&#x5EA6;&#x4F4D;<span class="mathjax-exps">$enckeylen+mackeylen$</span>;</li>
<li>&#x53D6;<span class="mathjax-exps">$K$</span>&#x7684;&#x6700;&#x5DE6;&#x8FB9;&#x7684;<span class="mathjax-exps">$enckeylen$</span>&#x4E2A;&#x516B;&#x4F4D;&#x7EC4;&#x4F5C;&#x4E3A;<span class="mathjax-exps">$EK$</span>, &#x6700;&#x53F3;&#x8FB9;&#x7684;<span class="mathjax-exps">$mackeylen$</span>&#x4E2A;&#x516B;&#x4F4D;&#x7EC4;&#x4F5C;&#x4E3A;<span class="mathjax-exps">$MK$</span>;</li>
<li><span class="mathjax-exps">$EK$</span>&#x4F5C;&#x4E3A;&#x5BC6;&#x94A5;, &#x52A0;&#x5BC6;&#x660E;&#x6587;&#x5F97;&#x5BC6;&#x6587;<span class="mathjax-exps">$EM=ENC(EK, M)$</span>;</li>
<li>&#x8BA1;&#x7B97;&#x6D88;&#x606F;&#x8BA4;&#x8BC1;&#x7801;<span class="mathjax-exps">$D=MAC(EM, MK, [SharedInfo2])$</span>;</li>
<li>&#x8F93;&#x51FA;<span class="mathjax-exps">$C=\bar{R} || EM || D$</span>;</li>
</ul>
</li>
<li>&#x89E3;&#x5BC6;:
<ul>
<li><span class="mathjax-exps">$V$</span>&#x63A5;&#x6536;&#x5230;&#x52A0;&#x5BC6;&#x6570;&#x636E;<span class="mathjax-exps">$C$</span>;</li>
<li>根据<span class="mathjax-exps">$C$</span>的头字节是<span class="mathjax-exps">$0x02/0x03/0x04$</span>, 提取公钥<span class="mathjax-exps">$R=(x,y)$</span>, <span class="mathjax-exps">$EM$</span>, <span class="mathjax-exps">$D$</span>, 并按"公钥验证"一节验证<span class="mathjax-exps">$R$</span>的合法性, 验证失败则拒绝该密文;</li>
<li>&#x6839;&#x636E;&#x662F;&#x5426;&#x4F7F;&#x7528;<span class="mathjax-exps">$Diffie-Hellman$</span>, &#x7531;<span class="mathjax-exps">$(d_V, R)$</span>;</li>
<li>然后按照和如上加密过程相同的方式, 由<span class="mathjax-exps">$z$</span>派生<span class="mathjax-exps">$EK$</span>和<span class="mathjax-exps">$MK$</span>, 并对接收到的<span class="mathjax-exps">$EM$</span>重新计算<span class="mathjax-exps">$D$</span>;</li>
<li>验证生成的<span class="mathjax-exps">$D$</span>和接收到的<span class="mathjax-exps">$D$</span>是否相同(比较应采用恒定时间实现, 以免泄露时序信息);</li>
<li>&#x5982;&#x679C;MAC&#x8BA4;&#x8BC1;&#x76F8;&#x540C;, &#x90A3;&#x4E48;&#x89E3;&#x5BC6;<span class="mathjax-exps">$M=ENC(EM, EK)$</span>;</li>
</ul>
</li>
</ul>
<h2 class="mume-header" id="%E5%AF%86%E9%92%A5%E5%8D%8F%E5%95%86%E6%96%B9%E6%A1%88toc"><a href="#toc">&#x5BC6;&#x94A5;&#x534F;&#x5546;&#x65B9;&#x6848;</a></h2>

<h3 class="mume-header" id="%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BFdiffie-hellman%E6%96%B9%E6%A1%88toc"><a href="#toc">&#x692D;&#x5706;&#x66F2;&#x7EBF;Diffie-Hellman&#x65B9;&#x6848;</a></h3>

<p>&#x8BB0;&#x6709;&#x57DF;&#x53C2;&#x6570;<span class="mathjax-exps">$T$</span>, &#x5B9E;&#x4F53;<span class="mathjax-exps">$U$</span>&#x548C;<span class="mathjax-exps">$V$</span>;</p>
<ul>
<li>&#x5BC6;&#x94A5;&#x90E8;&#x7F72;:
<ul>
<li><span class="mathjax-exps">$U$</span>&#x548C;<span class="mathjax-exps">$V$</span>&#x5206;&#x522B;&#x8BA1;&#x7B97;&#x5BC6;&#x94A5;&#x5BF9;<span class="mathjax-exps">$(d_U, Q_U)$</span>, <span class="mathjax-exps">$(d_V, Q_V)$</span>;</li>
<li><span class="mathjax-exps">$U$</span>&#x548C;<span class="mathjax-exps">$V$</span>&#x4EA4;&#x6362;&#x516C;&#x94A5;, &#x5E76;&#x5404;&#x81EA;&#x9A8C;&#x8BC1;&#x6536;&#x5230;&#x7684;&#x516C;&#x94A5;&#x662F;&#x5426;&#x5408;&#x6CD5;;</li>
</ul>
</li>
<li>&#x5BC6;&#x94A5;&#x534F;&#x5546;:
<ul>
<li>&#x5B9E;&#x4F53;<span class="mathjax-exps">$U$</span>&#x7531;<span class="mathjax-exps">$d_U, Q_V$</span>&#x8BA1;&#x7B97;Diffie-Hellman&#x539F;&#x6839;<span class="mathjax-exps">$z$</span>;</li>
<li>将<span class="mathjax-exps">$z$</span>转换为八位组<span class="mathjax-exps">$Z$</span>, 由密钥派生函数得到密钥数据<span class="mathjax-exps">$K=KDF(Z, [SharedInfo])$</span>;</li>
<li>&#x8F93;&#x51FA;<span class="mathjax-exps">$K$</span></li>
</ul>
</li>
</ul>
<h3 class="mume-header" id="%E6%A4%AD%E5%9C%86%E6%9B%B2%E7%BA%BFmqv%E6%96%B9%E6%A1%88toc"><a href="#toc">&#x692D;&#x5706;&#x66F2;&#x7EBF;MQV&#x65B9;&#x6848;</a></h3>

<p>&#x5C06;&#x692D;&#x5706;&#x66F2;&#x7EBF;Diffie-Hellman&#x65B9;&#x6848;&#x8FC7;&#x7A0B;&#x57FA;&#x672C;&#x4E00;&#x81F4;, &#x53EA;&#x9700;&#x5C06;&#x5176;&#x4E2D;&#x7684;<span class="mathjax-exps">$Diffie-Hellman$</span>&#x539F;&#x6839;&#x66FF;&#x6362;<span class="mathjax-exps">$MQV&#x539F;&#x6839;$</span>;</p>
<h2 class="mume-header" id="%E5%8F%82%E8%80%83%E8%B5%84%E6%96%99toc"><a href="#toc">&#x53C2;&#x8003;&#x8D44;&#x6599;</a></h2>

<p>[1]. Standards for Efficient Cryptography 1 (SEC1: Elliptic Curve Cryptography), Daniel R. L. Brown;</p>

      </div>
      
      
    
    
    
    
    
    
    
    
  
    </body></html>